package com.gjun.struts.filter;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;



import com.gjun.struts.bean.GjunsystemPrivilege;

public class AdminLevelCheckFilter implements Filter {

	public void destroy() {
		// TODO Auto-generated method stub

	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		//System.out.println("经过过滤里了asdasd");
		
		request.setCharacterEncoding("UTF-8");

		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;

		HttpSession session = req.getSession();

		String account = (String) session.getAttribute("account");
		//System.out.println("监听account=========>"+account);
		Date loginTimer = (Date) session.getAttribute("loginTimer");

		if (account == null || loginTimer == null) {
			response.setContentType("text/html;charset=GBK");
			PrintWriter out = res.getWriter();
			out.println("<script type='text/javascript'>");
			out.println("  alert('非法访问系统,返回登录页面!')");
			out.println("  top.location='"+req.getContextPath()+"/signin.jsp';");
			
			out.println("</script>");
			out.flush();
			out.close();
			return;
		}

		List<GjunsystemPrivilege> allPris = (List<GjunsystemPrivilege>) session
				.getAttribute("allPris");
		List<GjunsystemPrivilege> accountPris = (List<GjunsystemPrivilege>) session
				.getAttribute("accountPris");
		
		//System.out.println("==================================:  "+accountPris.get(0));
		if(accountPris==null || accountPris.size()<1 || accountPris.get(0)==null){
			response.setContentType("text/html;charset=GBK");
			PrintWriter out = res.getWriter();
			out.println("<script type='text/javascript'>");
			out.println("  alert('权限不足,无法访问')");
		    out.println("</script>");
			out.flush();
			out.close();
			return;
		}

		String clientURI = req.getRequestURI();
		//System.out.println("-------  " + accountPris.get(0).getLabel());
		for (GjunsystemPrivilege g : allPris) {

			if (clientURI.lastIndexOf(g.getHref()) != -1) {
				// System.out.println("需要验证 "+g.getLabel());
				boolean checkResult = checkLevel(g.getHref(),g.getLabel(),accountPris);
				if(!checkResult){
					response.setContentType("text/html;charset=GBK");
					PrintWriter out = res.getWriter();
					out.println("<script type='text/javascript'>");
					out.println("  alert('权限不足,无法访问')");
					
					out.println("</script>");
					out.flush();
					out.close();
					return;
				}else{
					chain.doFilter(req, res);
					return;
				}
			}
		}

		chain.doFilter(req, res);
	}

	public boolean checkLevel(String href,String label, List<GjunsystemPrivilege> accountPris) {
		boolean isHave = false;
		for (GjunsystemPrivilege g : accountPris) {

			if (g.getHref().equals(href) && g.getLabel().equals(label)) {
				isHave = true;
				//System.out.println("ok===================");
				break;
			}
		}
		return isHave;
	}

	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub

	}

}
